Sensitive Information Exposure in OpenStack Compute (Nova) by Vendor OpenStack
CVE-2015-8749
5.9 MEDIUM
Summary
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before version 2015.1.3 and 12.0.x before 12.0.1 may expose sensitive connection information. When the Xen backend is in use, the function includes the connection_info dictionary in StorageError messages, so an attacker who can read the log files, or who uses other unspecified means, may be able to extract password information. This exposure poses significant privacy risks to users and systems relying on secure cloud operations.
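The leak pattern described above, next to a masked form, as an added example that is not Nova's own code. The function names, the list of secret-looking key fragments and the sample connection_info are assumptions made for illustration.

```python
# Assumption: key-name fragments treated as secret; not taken from Nova's source.
SENSITIVE_KEYS = ("password", "secret", "token")
MASK = "***"


class StorageError(Exception):
    """Stand-in for the backend's storage exception (hypothetical)."""


def mask_secrets(value):
    """Return a copy of value with secret-looking dict entries masked."""
    if isinstance(value, dict):
        return {
            key: MASK
            if any(s in str(key).lower() for s in SENSITIVE_KEYS)
            else mask_secrets(item)
            for key, item in value.items()
        }
    if isinstance(value, list):
        return [mask_secrets(item) for item in value]
    return value


def parse_volume_info_leaky(connection_info):
    """'Before' pattern: the raw dictionary ends up in the error text."""
    data = connection_info.get("data", {})
    if "target_iqn" not in data:
        raise StorageError(f"Unable to obtain target information {connection_info}")
    return data["target_iqn"]


def parse_volume_info_masked(connection_info):
    """Same check, but the dictionary is masked before it is formatted."""
    data = connection_info.get("data", {})
    if "target_iqn" not in data:
        raise StorageError(
            f"Unable to obtain target information {mask_secrets(connection_info)}")
    return data["target_iqn"]


def error_text(parser, info):
    """Run a parser and return the message an operator would see in the log."""
    try:
        parser(info)
    except StorageError as exc:
        return str(exc)
    return ""


# Constructed sample input: target_iqn is missing, so both parsers raise.
SAMPLE = {"driver_volume_type": "iscsi",
          "data": {"target_portal": "192.0.2.10:3260",
                   "auth_username": "vol-user",
                   "auth_password": "s3cr3t-example"}}
```

Masking on a copy keeps the caller's dictionary intact, so the connection attempt itself still sees the real credentials.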
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved